Networked systems generally operate with various forms of anti-virus protection and content filtering to protect against unauthorized access, intrusions, or attacks on the network. Protective measures against different types of intrusion on a network typically take the form of a gateway appliance that is positioned to intercede between a local area network and outside networks (e.g. at the point where a local area network connects to the Internet). One or more content analysis applications, such as anti-virus and filtering applications, may reside on the gateway appliance. As shown in FIG. 1, in the gateway approach the information received from the Internet 12 would be intercepted at the gateway 14 before being routed at a switch 16 inside the network to the appropriate destination device 8 in the network 10. All content filtering, virus checking, and intrusion detection would be performed in the gateway device 14. Although hypothetically effective against all unwanted intrusions, viruses and content originating outside of the local area network, this in-line method of content analysis has some potential drawbacks. Because all information sent to the local area network 10 must pass through the gateway appliance 14, a bottleneck may develop at the gateway if the gateway is configured to perform anti-virus, content filtering or intrusion detection function for the network, thus degrading system performance. Also, information passed between devices within the network would not be subject to the protection provided by the gateway appliance.
Another current approach for anti-virus, content filtering, or intrusion detection requires distributing software applications to each work station or other device 18 within the local area network 10. In some ways, this solution improves over the in-line gateway appliance solution in that all data traffic, whether originating outside the network through an Internet connection or consisting of data passed between devices within the local area network, will be within the reach of the software agents on the work stations. Several disadvantages, however, also accompany the distributed software agent approach. For example, maintaining a uniform and updated set of software agents on each and every device within a network can be challenging and resource intensive. Individual work station users may inadvertently fail to properly use the software resources even if those resources are complete and current. Even more troubling is the potential for an individual work station user to circumvent the protections of software agents on the user's network device.
Accordingly, there is a need for an effective and efficient way to provide and maintain data content analysis applications in local area networks.